OpenPLC_V3 Cross-Site Request Forgery_CVE-2025-13970

8 / 10

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:H

Description

OpenPLC_V3 is vulnerable to a cross-site request forgery (CSRF) attack
due to the absence of proper CSRF validation. This issue allows an
unauthenticated attacker to trick a logged-in administrator into
visiting a maliciously crafted link, potentially enabling unauthorized
modification of PLC settings or the upload of malicious programs which
could lead to significant disruption or damage to connected systems.

Basic Information

ID CVE-2025-13970

Source icscert

Published Dec 13, 2025 at 00:03

Affected Product

Vendor OpenPLC_V3

Product OpenPLC_V3

Affected Versions OpenPLC_V3 OpenPLC_V3 0

CWE Classification

CWE-352

References

{
    "lastseen": "",
    "description": "OpenPLC_V3 is vulnerable to a cross-site request forgery (CSRF) attack \ndue to the absence of proper CSRF validation. This issue allows an \nunauthenticated attacker to trick a logged-in administrator into \nvisiting a maliciously crafted link, potentially enabling unauthorized \nmodification of PLC settings or the upload of malicious programs which \ncould lead to significant disruption or damage to connected systems.",
    "published": "2025-12-13T00:03:20.869Z",
    "modified": "2025-12-13T00:03:20.869Z",
    "type": "cve",
    "title": "OpenPLC_V3 Cross-Site Request Forgery",
    "source": "icscert",
    "references": "https://github.com/thiagoralves/OpenPLC_v3\nhttps://www.cisa.gov/news-events/ics-advisories/icsa-25-345-10\nhttps://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-345-10.json",
    "id": "CVE-2025-13970",
    "bulletinFamily": "",
    "cwe": [
        "CWE-352"
    ],
    "cvelist": null,
    "sourceData": "OpenPLC_V3 OpenPLC_V3 0",
    "sourceHref": "",
    "cvss": {
        "score": 8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "OpenPLC_V3",
    "version": "0",
    "vendor": "OpenPLC_V3",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}